Re: FW: Warning Message: Your services near to be closed.
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 16 Jun 2005 08:57:10 -0700
> (ruba): true, when talking about scanning inside the IS, but you can scan
> the message before it enters the IS and be in exchange message format,
> MTA message scanning for example.(Each mail on entering the Internet Mail
> Service is placed in the IN subdirectory. This is where antigen scans the
> inbound queue for infected attachment. At this stage the IMS attempts to
> deliver the message to the Microsoft Exchange Server computer for the
> final delivery by the MTA (Message Transfer Agent) or the information
> store to the recipients. If at this stage the recipient is not in the
> particular site directory the message is sent to the out - subdirectory
> and sent to the next IMS. At this point the message leaves the environment
> unscanned by VSAPI (GFI)).
> Also In-memory scanning done by Antigen minimizes impact on the Exchange
> server for optimum protection and efficiency, which can't be done with
> GFI.
Any AV which relies upon scanning at the exact precise moment that a message
is placed in the In directory without programmatically being called to scan
that message is problematic and unreliable. That is playing a game to see
who can get there first, the AV software or the SMTP engine to deliver.
> (ruba): being proactive is not the way to go about it, being preemptive
> is. I mentioned the notifications because I was listing what would be good
> to have in GFI not because administrators should rely on the
> notifications.
Not being proactive about security will let stuff through.
John T
eServices For You
Other related posts: